SHA256: 0181cb5040638e6a15ef01ed77507a3885f504d5973d6b3f097517a53accffe7
File name: vt-upload-1nSnn
Detection ratio: 15 / 53
Analysis date: 2014-06-12 08:50:02 UTC ( 4 years, 9 months ago )
Antivirus Result Update
AntiVir TR/Spy.ZBot.abs.13 20140612
AVG Zbot.JTW 20140612
Bkav HW32.CDB.F14e 20140611
ESET-NOD32 Win32/Spy.Zbot.ABS 20140612
Fortinet W32/Kryptik.CBVT!tr 20140612
Kaspersky Trojan.Win32.Yakes.fcsn 20140612
Malwarebytes Spyware.Zbot.VXGen 20140612
McAfee Artemis!248F17D11ECB 20140612
McAfee-GW-Edition Artemis!248F17D11ECB 20140612
Panda Trj/OCJ.F 20140612
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20140611
Sophos AV Mal/EncPk-ALY 20140612
Symantec WS.Reputation.1 20140612
Tencent Win32.Trojan.Bp-qqthief.Iqpl 20140612
VIPRE Trojan.Win32.Generic!BT 20140612
Ad-Aware 20140612
AegisLab 20140612
Yandex 20140610
AhnLab-V3 20140611
Antiy-AVL 20140611
Avast 20140612
Baidu-International 20140612
BitDefender 20140612
ByteHero 20140227
CAT-QuickHeal 20140612
ClamAV 20140612
CMC 20140610
Commtouch 20140612
Comodo 20140612
DrWeb 20140612
Emsisoft 20140612
F-Prot 20140612
F-Secure 20140612
GData 20140612
Ikarus 20140612
Jiangmin 20140612
K7AntiVirus 20140611
K7GW 20140611
Kingsoft 20140612
Microsoft 20140612
eScan 20140612
NANO-Antivirus 20140612
Norman 20140612
nProtect 20140611
Qihoo-360 20140612
SUPERAntiSpyware 20140612
TheHacker 20140610
TotalDefense 20140612
TrendMicro 20140612
TrendMicro-HouseCall 20140612
VBA32 20140611
ViRobot 20140612
Zillya 20140611
Zoner 20140611
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright 1992 - 2010
Publisher iExpert Software
Product E0ch2UJs60
Original name Q05l37jb036.exe
Internal name Q05l37jb036.exe
File version 3.0.4.8
Description D3L2107
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-06-06 10:37:02
Entry Point 0x00006EE0
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
RegUnLoadKeyA
RegQueryValueExA
RegCloseKey
RegUnLoadKeyW
SetBkColor
SetBkMode
SetTextColor
LocalReAlloc
GlobalFree
WaitForSingleObject
SetEvent
IsDebuggerPresent
GlobalUnlock
LoadLibraryA
lstrlenW
GlobalSize
GetStartupInfoA
LocalAlloc
GetCommandLineW
CreateThread
UnhandledExceptionFilter
GetProcAddress
WriteProfileStringW
lstrcpynW
GetProfileStringW
lstrcpyW
GlobalReAlloc
GetModuleHandleA
SetUnhandledExceptionFilter
GetCurrentProcess
CloseHandle
IsProcessorFeaturePresent
lstrcmpW
GlobalLock
lstrcatW
LocalFree
GetProfileIntW
TerminateProcess
CreateEventW
GlobalCompact
GlobalAlloc
Sleep
IsBadStringPtrA
ResetEvent
ShellAboutW
MapWindowPoints
SetFocus
UpdateWindow
EndDialog
PostQuitMessage
GetMessageW
OffsetRect
DefWindowProcW
CheckRadioButton
GetDlgCtrlID
DestroyMenu
RegisterClassExW
SetProcessDefaultLayout
ShowWindow
MessageBeep
LoadMenuW
SetWindowPos
GetDesktopWindow
SetWindowLongW
MessageBoxW
GetMenu
GetWindowRect
EnableWindow
SetMenu
SetWindowTextW
DialogBoxParamW
ChildWindowFromPoint
GetClipboardData
TranslateMessage
GetSysColor
CheckMenuRadioItem
CheckDlgButton
DispatchMessageW
CreateDialogParamW
GetProcessDefaultLayout
CheckMenuItem
SendMessageW
TranslateAcceleratorW
DestroyWindow
WinHelpW
LoadStringW
GetClientRect
GetDlgItem
SystemParametersInfoW
HideCaret
EnableMenuItem
ScreenToClient
InvalidateRect
GetSubMenu
IsClipboardFormatAvailable
OpenClipboard
CallWindowProcW
IsDialogMessageW
GetSysColorBrush
CharNextA
GetWindowTextW
SetDlgItemTextW
SetDlgItemInt
LoadCursorW
LoadIconW
CreateWindowExW
LoadAcceleratorsW
GetWindowLongW
CloseClipboard
DrawTextW
CharNextW
TrackPopupMenuEx
IsChild
SetCursor
Number of PE resources by type
RT_DIALOG 4
B197GZ2M 1
T8SWE3U16 1
BY6826IF7 1
K8KHS57N 1
W979F2X 1
XX2M4 1
Q20V237G 1
QA697EXJ 1
V5ETM676 1
RT_ACCELERATOR 1
D7XLAU5 1
RT_VERSION 1
J5ZX81 1
K62JD3B 1
Number of PE resources by language
ENGLISH US 16
MALAY *unknown* 1
ARABIC BAHRAIN 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 1414656
ImageVersion 0.0
ProductName E0ch2UJs60
FileVersionNumber 3.0.4.8
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription D3L2107
CharacterSet Windows, Japan (Shift - JIS X-0208)
LinkerVersion 10.0
OriginalFilename Q05l37jb036.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 3.0.4.8
TimeStamp 2014:06:06 11:37:02+01:00
FileType Win32 EXE
PEType PE32
InternalName Q05l37jb036.exe
FileAccessDate 2014:06:12 09:48:30+01:00
ProductVersion 3.0.4.8
SubsystemVersion 5.1
OSVersion 5.1
FileCreateDate 2014:06:12 09:48:30+01:00
FileOS Windows NT 32-bit
LegalCopyright Copyright 1992 - 2010
MachineType Intel 386 or later, and compatibles
CompanyName iExpert Software
CodeSize 90624
FileSubtype 0
ProductVersionNumber 3.0.4.8
EntryPoint 0x6ee0
ObjectFileType Executable application

File identification
MD5 248f17d11ecb1ceaf541511ffa16b88a
SHA1 29a2accff2d02be6674b9cc4da51b9ce4160adba
SHA256 0181cb5040638e6a15ef01ed77507a3885f504d5973d6b3f097517a53accffe7
ssdeep 6144:IBdcRRhziFf2y14lBIG3lxHGmtGmSLaiAWMdlcpb:XbOaGG3lxtTSozc9
imphash 039df1a87d1db21600b10dcae81dd7f5
File size 237.5 KB ( 243200 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-06-12 08:50:02 UTC ( 4 years, 9 months ago )
Last submission 2014-06-12 08:50:02 UTC ( 4 years, 9 months ago )
File names Q05l37jb036.exe
vt-upload-1nSnn
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections